Vernon Schryver vjs at rhyolite.com
Wed Jan 9 19:10:11 UTC 2013

> From: john <jbond at ripe.net>

> > Do you disagree with my claim that in almost all legitimate cases not
> > in the middle of an attack, RRL does not *block* DNS traffic but only
> > slows it down by forcing legitimate DNS clients to retry or switch to TCP?

> No, I agree; admittedly I do keep forgetting that fact. However, the first
> concern I have is that if we force a lot of this traffic over to TCP we
> could start to exhaust TCP resources.

Do you see no contradictions in not defending against real attacks
because you don't currently see them and not defending against
attacks you do see because of unseen, potential resource exhaustion
that you could deal with if it did happen?

Vernon Schryver    vjs at rhyolite.com

